It's like Fort Knox in there...
Our donation processing system that is.
Yes indeed. We've just launched a major upgrade of our donation
processing system to incorporate the very latest leading edge payment
technology.
Which means even greater security for you, greater efficiency in
processing your donations and even lower credit card rates. All of
which, we think you will agree, are wonderful things.
You may notice a few changes in the donation process as a result of
this super duper upgrade, so we thought we'd better let you know about
them:
1. Verified by VISA (VBV) and MasterCard SecureCode (MCSC)
The clever clogs at VISA and MasterCard, among others, have
collaborated to create a new industry standard known as the Payment
Card Industry Data Security Standard (or the more palatable 'PCI' for
short).
So...we've introduced VBV™ and
MasterCard SecureCode™, both of which provide additional protection for you by
prompting you to provide a personal password every time you use your
card online.
You can now register with VBV or SecureCode when you donate on
Justgiving. If you don't want to, don't have to (but soon everyone will
have to be registered, so you might as well get it over with!).
2. Security Code
This is the three-digit security code on the back of your payment card.
Every time you make a donation via Justgiving, you will now be asked to
enter your code.
3. Address verification service (AVS)
AVS verifies your personal address and billing information at the time
of your donation against the information your credit card company has
on file.
Phew. So that's that. Stick with us...
The other big change is that rather than processing donations in
overnight batches, we now authorise each donation as it is made. In
"real-time", if you want to get all techy about it.
Real-time processing helps us better handle major appeals and high peaks of transactions.
It also means that if your card is rejected, you will find out immediately via an on-screen message, and not via an email.
Nearly there...
One more thing to tell you. Our lovely partners Barclays have given us
even greater discounts on credit and debit card fees, so more of your
money gets to your charity.
Here's a lovely little table illustrating the new low low low charges:
Card |
Fee (per transaction) |
Maestro/Solo |
22p |
Delta |
23p |
Electron |
23p |
Visa |
1.34% |
MasterCard |
1.41% |
Oh yeah, one more thing. We also now accept Visa Electron™ cards for the first time. Yay, shout all you Visa Electron™ users!
I wanted to let you know of a blog on PCI DSS that covers the requirements and clarifies each item. The requirements can be confusing so it's important to know the intent of compliance.
Please feel free to check it out and add to your blogroll.
http://datasecurity.wordpress.com/
-Datasecurity
Posted by: Datasecurity | October 29, 2006 at 04:29 AM
I have recently posted about the timelag in processing my donation and also my concerns about data security. Can you tell me please why you have taken a month to process a donation and also tell me why you don't store my credit card details with a PSP - How exactly was this delayed transaction claimed? Do you manually enter credit card numbers into terminals?
More at http://blog.givingmatters.co.uk/2006/11/14/backlog-and-security-at-justgiving/
Posted by: Adrian | November 14, 2006 at 05:33 PM
Dear Adrian,
The delay in the acknowledgement email you received after making a donation on Justgiving was not caused by a breach of security. The script that generates automatic emails to donors was faulty and we fixed this bug as soon as we became aware of it, which triggered the email you received. We apologise for any confusion caused.
This email-related fault has absolutely nothing to do with our backoffice credit card processing activities. The charity received the donation a few days after you made it, as we pay charities weekly.
We store credit card details on our systems to enable account holders to save their details for future use and to give us the ability to process donations in batches in the event of a problem with real-time processing.
Card details are held securely and remain encrypted at all times. We DO NOT manually enter card details into terminals. As well as being insecure, it would be totally impractical given the huge volumes of donations made on Justgiving every day.
Anne-Marie Huby, MD, Justgiving
Posted by: Anne-Marie Huby | November 15, 2006 at 01:36 PM